I am currently setting up a Windows Server 2008 R2 with Active Directory and am currently facing an issue with setting up file/folder sharing between users/groups:

My organization is divided into sections; each section has a section manager and section users. I want to achieve that each section user has a shared folder that can be accessed only by him and the section manager. The section manager can access all shared folders of his section users, but not the shared folders of any other section. Furthermore, it's important that section users cannot access any other shared folders (e.g. the shared folders of other section users).

Well, how do I set up such a structure? I basically need a concept for the needed groups, users, rights and where to store the actual folders in the file system.

1 Answer

Your description/requirements seem fairly "flat", in that they should not require anything too elaborate. You may consider an approach in which:

Each section has its own group with the manager in its membership

Each section can also have its own main folder with subfolders for each member

Each user is assigned/associated to their own subfolder and "everyone" removed

The manager group is assigned/associated to each of its section subfolders

The arrangement should accomplish what you described, as well as facilitating efficiencies when changing managers across any of the sections. The group-section-manager will just need updating; each subfolder's assignments will then reflect the access change by having the group already associated/assigned to it.
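
The layout from the answer above, as an added PowerShell sketch that is not part of the original answer: one manager group per section, one subfolder per user, inheritance cut so only explicit entries remain. The domain name, root path, account names, the Modify permission level and the Administrators/SYSTEM entries are assumptions; creating the shares themselves is left out.

```powershell
# Added example, not from the original post. All names are constructed placeholders.
Import-Module ActiveDirectory

$Domain   = 'CONTOSO'        # placeholder NetBIOS domain name
$Root     = 'D:\Shares'      # placeholder root folder on the file server
$Sections = @{               # constructed sample data: section -> manager and users
    'Sales'   = @{ Manager = 'mgr.sales';   Users = @('alice', 'bob') }
    'Finance' = @{ Manager = 'mgr.finance'; Users = @('carol') }
}

# Well-known SIDs, so the script does not depend on localized group names.
$Admins   = '*S-1-5-32-544'  # BUILTIN\Administrators
$System   = '*S-1-5-18'      # NT AUTHORITY\SYSTEM
$Everyone = '*S-1-1-0'       # Everyone

foreach ($name in $Sections.Keys) {
    $section  = $Sections[$name]
    $mgrGroup = "$name-Managers"

    # One group per section with the section manager as member.
    # Replacing the manager later only means changing this membership.
    if (-not (Get-ADGroup -Filter "Name -eq '$mgrGroup'")) {
        New-ADGroup -Name $mgrGroup -GroupScope Global -GroupCategory Security
    }
    $members = Get-ADGroupMember -Identity $mgrGroup | ForEach-Object { $_.SamAccountName }
    if ($members -notcontains $section.Manager) {
        Add-ADGroupMember -Identity $mgrGroup -Members $section.Manager
    }

    # Section folder: drop inherited entries; the manager group may list it.
    $sectionDir = Join-Path $Root $name
    New-Item -ItemType Directory -Path $sectionDir -Force | Out-Null
    icacls $sectionDir /inheritance:r /grant:r "${Admins}:(OI)(CI)F" "${System}:(OI)(CI)F" "${Domain}\${mgrGroup}:(RX)"
    icacls $sectionDir /remove:g $Everyone

    foreach ($user in $section.Users) {
        # User subfolder: only the owner and the section's manager group get access.
        $userDir = Join-Path $sectionDir $user
        New-Item -ItemType Directory -Path $userDir -Force | Out-Null
        icacls $userDir /inheritance:r /grant:r "${Admins}:(OI)(CI)F" "${System}:(OI)(CI)F" "${Domain}\${user}:(OI)(CI)M" "${Domain}\${mgrGroup}:(OI)(CI)M"
        icacls $userDir /remove:g $Everyone
        icacls $userDir          # print the resulting ACL for review
    }
}
```

The printed ACL for each user folder should list exactly four entries: Administrators, SYSTEM, the user, and that section's manager group.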